Is Your Information Submitted Online Secure?

Posted on: July 30, 2013 | By: Christina Bonds | Filed under: Info Security

HTTP stands for Hyper Text Transport Protocol.  Basically, it is how information is to be passed back and forth between clients (users’ computers or devices) and web servers (where websites live).  Websites can use either http:// or https://.  The ‘s’ stands for secure.  As your information travels from your computer to the web server, it is possible for someone to eavesdrop and view the information when using http://.  Therefore you should never submit any sensitive information using an http:// website.

Https:// sends information over an encrypted connection.  This means it turns the information into an unreadable format.  Only the client and webserver know how to decrypt or change it back to a readable format.

What is sensitive information?

Information that can personally identify you or someone else is sensitive information.  Below are some examples.

  • PINs
  • Account numbers
  • Credit\debit card numbers
  • Passwords
  • Social security numbers

If you are shopping online or filling out a form where you will be entering sensitive information, make sure the website is using https://.  If you don’t see https:// the site is using http:// and I suggest not using the website.

If you are just browsing the web and not entering any personal information, http:// is fine.

Some websites use a combination of both http:// and https://.  The https:// pages would be used for any sensitive information that is to be submitted so be sure to look at the address bar before submitting your information.

Differences

  1. Http:// is unsecured while https:// is secured
  2. Http:// does not use encryption while https:// uses encryption
  3. The URL address begins with http:// for site using http while with https the URL address begins with https://

Where https should be used

  1. Banking and other financial websites
  2. Payment gateways such as PayPal
  3. Shopping websites
  4. Login pages where you have to enter a password
  5. Web email sites such as google and yahoo!
  6. Any site where you submit personal information

Christina Bonds

Christina Bonds, CISSP, is an Application Developer at Elon University

More Posts

 

Comments are closed.